Don't inject untrusted input

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / videos / video-imports.ts

diff --git a/server/middlewares/validators/videos/video-imports.ts b/server/middlewares/validators/videos/video-imports.ts
index 3115acb21a8d6631c0d5090a77a7aa56462ca017..72442aeb67e0b5ceb26fb1db5988847fa50c22b8 100644 (file)
--- a/server/middlewares/validators/videos/video-imports.ts
+++ b/server/middlewares/validators/videos/video-imports.ts
@@ -4,6 +4,7 @@ import { isResolvingToUnicastOnly } from '@server/helpers/dns'
 import { isPreImportVideoAccepted } from '@server/lib/moderation'
 import { Hooks } from '@server/lib/plugins/hooks'
 import { MUserAccountId, MVideoImport } from '@server/types/models'
+import { forceNumber } from '@shared/core-utils'
 import { HttpStatusCode, UserRight, VideoImportState } from '@shared/models'
 import { VideoImportCreate } from '@shared/models/videos/import/video-import-create.model'
 import { isIdValid, toIntOrNull } from '../../../helpers/custom-validators/misc'
@@ -19,13 +20,13 @@ import { getCommonVideoEditAttributes } from './videos'
 const videoImportAddValidator = getCommonVideoEditAttributes().concat([
   body('channelId')
     .customSanitizer(toIntOrNull)
-    .custom(isIdValid).withMessage('Should have correct video channel id'),
+    .custom(isIdValid),
   body('targetUrl')
     .optional()
-    .custom(isVideoImportTargetUrlValid).withMessage('Should have a valid video import target URL'),
+    .custom(isVideoImportTargetUrlValid),
   body('magnetUri')
     .optional()
-    .custom(isVideoMagnetUriValid).withMessage('Should have a valid video magnet URI'),
+    .custom(isVideoMagnetUriValid),
   body('torrentfile')
     .custom((value, { req }) => isVideoImportTorrentFile(req.files))
     .withMessage(
@@ -39,8 +40,6 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([
     ),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoImportAddValidator parameters', { parameters: req.body })
-
     const user = res.locals.oauth.token.User
     const torrentFile = req.files?.['torrentfile'] ? req.files['torrentfile'][0] : undefined
 
@@ -95,11 +94,9 @@ const videoImportAddValidator = getCommonVideoEditAttributes().concat([
 const getMyVideoImportsValidator = [
   query('videoChannelSyncId')
     .optional()
-    .custom(isIdValid).withMessage('Should have correct videoChannelSync id'),
+    .custom(isIdValid),
 
   (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking getMyVideoImportsValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
     return next()
@@ -108,11 +105,9 @@ const getMyVideoImportsValidator = [
 
 const videoImportDeleteValidator = [
   param('id')
-    .custom(isIdValid).withMessage('Should have correct import id'),
+    .custom(isIdValid),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoImportDeleteValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
     if (!await doesVideoImportExist(parseInt(req.params.id), res)) return
@@ -131,14 +126,12 @@ const videoImportDeleteValidator = [
 
 const videoImportCancelValidator = [
   param('id')
-    .custom(isIdValid).withMessage('Should have correct import id'),
+    .custom(isIdValid),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    logger.debug('Checking videoImportCancelValidator parameters', { parameters: req.params })
-
     if (areValidationErrors(req, res)) return
 
-    if (!await doesVideoImportExist(parseInt(req.params.id), res)) return
+    if (!await doesVideoImportExist(forceNumber(req.params.id), res)) return
     if (!checkUserCanManageImport(res.locals.oauth.token.user, res.locals.videoImport, res)) return
 
     if (res.locals.videoImport.state !== VideoImportState.PENDING) {